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Listing of Claims : 

1 . (Previously presented) A method of performing security processing in a 
computing network comprising a local unit having an operating system kernel executing at least 
one application program, comprising: 

receiving a first request at the operating system kernel from the application program to 
initiate a communication with a remote unit; 

providing a second request from the operating system kernel to a security offload 
component which performs security handshake processing, the second request directing the 
security offload component to secure the communication with the remote unit; and 

providing a control function in the operating system kernel for initiating operation of the 
security handshake processing by the security offload component. 

2. (Previously presented) The method according to Claim 1 ? further comprising 
executing the provided control function, thereby initiating operation of the security handshake 
processing. 

3. (Original) The method according to Claim 1, wherein the operating system kernel 
maintains control over operation of the security handshake processing. 

4. (Original) The method according to Claim 1 ? wherein the operating system kernel 
does not participate in operation of the security handshake processing. 

5. (Original) The method according to Claim 1 , wherein the control function further 
specifies information to be used by the security offload component during the security handshake 
processing. 
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6. (Original) The method according to Claim 5, wherein the specified information 
comprises one or more of: a connection identifier; a security role; one or more security versions 
supported; and cipher suites options. 

7. (Original) The method according to Claim 1 , wherein: 

the operating system kernel does not participate in operation of the security handshake 
processing; 

the control function further specifies information to be used by the security offload 
component during the security handshake processing; and 

the specified information comprises one or more of: a connection identifier; a security 
role; one or more security versions supported; cipher suites options; and security certificate key 
ring information. 

8. (Original) The method according to Claim 7, wherein the specified information 
further comprises segment size and sequence number information to be used when transmitting 
messages of the security handshake processing. 

9. (Original) The method according to Claim 7, further comprising the step of 
sending a completion response from the security offload component to the operating system 
kernel upon completion of the security handshake processing, wherein the completion response 
conveys information for use by the operating system kernel in carrying out secure 
communications on a secure session which results from the security handshake processing. 

1 0. (Original) The method according to Claim 9, wherein the conveyed information 
comprises one or more of: an identifier of the secure session; one or more session keys; a current 
sequence number for messages of the secure session; a cipher suite to be used for the secure 
session; a protocol version to be used for the secure session; and a digital certificate or other 
security credentials. 
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1 1 . (Original) The method according to Claim 1 , wherein the operating system kernel 
maintains control over operation of the security handshake processing, and wherein the operating 
system kernel provides one or more message segments to the security offload component for use 
by the security offload component in completing steps of the security handshake processing. 

12. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a client device to perform 
random number generation when creating an initial handshake message to transmit to a server 
device. 

13. (Cancelled). 

14. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a server device to perform 
random number generation when creating an initial handshake response message to transmit to a 
client device. 

15. (Cancelled). 

1 6. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a server device to decode a 
client security certificate which has been transmitted from a client device. 

17. (Original) The method according to Claim 11, wherein a selected one of the one 
or more message segments directs the security offload component in a client device to decode a 
server security certificate which has been transmitted from a server device. 
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1 8. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a client device to generate 
and encrypt a pre-master security secret to be transmitted to a server device. 

19. (Cancelled). 

20. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a server device to decrypt a 
pre-master security secret transmitted from a client device. 

21. (Cancelled). 

22. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a client device to compute 
one or more master security secrets and one or more session cryptography keys to be transmitted 
to a server device. 

23. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a server device to compute 
one or more master security secrets and one or more session cryptography keys to be transmitted 
to a client device. 

24. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a client device to digitally 
sign a message to be transmitted to a server device. 

25. (Original) The method according to Claim 11, wherein a selected one of the one 
or more message segments directs the security offload component in a server device to validate a 
digital signature of a message received from a client device. 
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26. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a client device to compute a 
message authentication code ("MAC") of the security handshake, wherein the computed MAC is 
to be transmitted to a server device. 

27. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a server device to compute 
a message authentication code ("MAC") of the security handshake, wherein the computed MAC 
is to be transmitted to a client device. 

28. (Original) The method according to Claim 1 1 , wherein a selected one of the one 
or more message segments directs the security offload component in a client device to validate a 
message authentication code ("MAC") of the security handshake, wherein the MAC was 
transmitted from a server device. 

29. (Original) The method according to Claim 11, wherein a selected one of the one 
or more message segments directs the security offload component in a server device to validate a 
message authentication code ("MAC") of the security handshake, wherein the MAC was 
transmitted from a client device. 

30. (Previously presented) The method according to Claim 1 1 , further comprising 
sending a completion response from the security offload component to the operating system 
kernel upon completion of the security handshake processing, wherein the completion response 
conveys information for use by the operating system kernel in carrying out secure 
communications on a secure session which results from the security handshake processing. 

31. (Original) The method according to Claim 30, wherein the conveyed information 
comprises one or more of: an identifier of the secure session; one or more session keys; a current 
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sequence number for messages of the secure session; a cipher suite to be used for the secure 
session; a protocol version to be used for the secure session; and a digital certificate or other 
security credentials. 

32. (Original) The method according to Claim 3 1 , wherein the conveyed information 
further comprises a current transmission control sequence number for transmitting messages of 
the secure session. 

33. (Previously presented) A method of performing security processing in a 
computing network including a local unit having an operating system kernel executing at least 
one application program, comprising: 

providing a security offload component which performs security session establishment 
and control processing; 

providing a control function in the operating system kernel for initiating operation of the 
security session establishment and control processing by the security offload component; 

receiving a request at the operating system kernel from the application program to initiate 
a communication with a remote unit; and 

directing the security offload component to secure the communication with the remote 
unit in response to the request. 

34. (Previously presented) A system for performing security processing in a 
computing network including a local unit having an operating system kernel executing at least 
one application program, comprising: 

means for performing security session establishment and control processing in a security 
offload component; 

means for executing a control function in the operating system kernel, thereby initiating 
operation of the means for performing security session establishment and control processing by 
the security offload component; 



In re: Brabson, et al. 
Serial No.: 10/007,581 
Filed: December 5, 2001 
Page 8 of 14 

means for receiving a request at the operating system kernel from the application 
program to initiate a communication with a remote unit; and 

means for directing the security offload component to secure the communication with the 
remote unit in response to the request. 

35. (Previously presented) A computer program product for performing security 
processing in a computing network including a local unit having an operating system kernel 
executing at least one application program, the computer program product embodied on one or 
more computer-readable media and comprising: 

computer-readable program code configured to perform security session establishment 
and control processing in a security offload component; and 

computer-readable program code configured to execute a control function in an operating 
system kernel, thereby initiating operation of the computer-readable program code configured to 
perform security session establishment and control processing by the security offload 
component; and 

computer-readable program code configured to receive a request at the operating system 
kernel from the application program to initiate a communication with a remote unit; and 

computer-readable program code configured to direct the security offload component to 
secure the communication with the remote unit in response to the request. 

36. (Previously presented) The method according to claim 1, further comprising: 
preparing a data packet including data to be communicated to the remote unit; 
reserving space in the data packet for security protocol information; and 

passing the data packet including the reserved space to the security offload component. 



37. 



(Previously presented) The method according to claim 36, further comprising: 
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passing control information from the operating system kernel to the security offload 
component, wherein the control information is passed to the security offload component in the 
space reserved in the data packet for security protocol information. 

38. (Previously presented) The method according to claim 36, further comprising: 
passing control information from the operating system kernel to the security offload 

component, wherein the control information is passed to the security offload component 
separately from the data packet. 

39. (Previously presented) The method according to claim 36, further comprising: 
receiving the data packet with the reserved space at the security offload component; 
encrypting the data in the data packet; 

inserting security protocol information in the reserved space; and 
transmitting the resulting data packet to the remote unit. 



